Microsoft Intune is an endpoint management solution that manages user access to organizational resources. When integrated with AssetExplorer Cloud, you can import asset information from Microsoft Intune into AssetExplorer Cloud.
Intune Actions | Explanation |
Sync | Forces devices to sync with Microsoft Intune and imports any pending actions or policies assigned to the devices. |
Wipe | Restores devices to their default factory settings. Both organization and personal data will be removed from the devices. This action is not supported for macOS and iOS devices. |
Restart | Restarts the device without informing the device owner. |
Retire | Removes the selected devices from Microsoft Intune and deletes its managed app data, settings, and assigned email profiles. Retired devices will no longer have access to organization resources. |
Delete | Removes selected devices from Microsoft Intune. Deleted devices will no longer have access to organization resources. |
Send Notification | Sends custom messages to devices. The notifications will appear on the device lock screen. Intune custom notifications are not supported on macOS and Windows. |
Preview the list of devices that will be synced into AssetExplorer Cloud by clicking Preview Matching Assets (JSON).
Click Save to save the configurations, or Save and Sync to save the configurations and import the assets from MS Intune instantly.
The imported devices are stored under Assets > IT and classified as smartphones, tablets, or workstations.
The synced information includes the number of assets that were added, updated, and removed. You can also see details on the next scheduled sync.
Besides viewing the last sync information, you can use Sync now to sync the device manually.
DeviceManagementManagedDevices.ReadWrite.All
Allows the app to read and write the properties of devices managed by Microsoft Intune; however, it does not allow high-impact operations such as remote wipes and password reset on the device's user.
DeviceManagementManagedDevices.Read.All
Allows the app to read the properties of devices managed by Microsoft Intune.
DeviceManagementManagedDevices.PrivilegedOperations.All
Allows the app to perform remote high-impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune.
FAQs
1. What are the possible causes of assets not being synced into AssetExplorer Cloud from Microsoft Intune after enabling the integration?
Making API requests to retrieve devices from the Intune inventory might not work if the Microsoft account used for authorization doesn't have sufficient permissions in Intune. Make sure either a global administrator or an Intune service administrator account is used for the integration.
To check permissions in Intune,
Go to the Microsoft Endpoint Manager admin center and click Tenant administration > Roles > My permissions.
2. Can the SDAdmin use a different Microsoft account for the integration if SSO is enabled?
You cannot use any other Microsoft account besides the linked account for integrations when logging in with SSO.
To use another Microsoft account, disconnect the linked Microsoft account in Zoho Accounts > Linked accounts and then authorize using the new account credentials.
3. I have enabled Azure/User Sync integration using one Microsoft account. Can I use a different Microsoft account for Intune Integration?
You can only use one Microsoft account for all integrations. To change the Microsoft account for integrations,
Go to Setup > Users & Permissions > Requesters > Import Users > Import from Azure.
Click Disconnect Account and use a new account for the integration.
4. What is the information synced into AssetExplorer Cloud from Microsoft Intune?
Workstations:
AssetExplorer Cloud Fields | MS Intune Fields |
Name | Name |
Service Tag | Serial number |
Serial Number | Serial number |
Model | Model |
Manufacturer | Manufacturer |
Operating System | Operating system |
Version (Operating System) | Operating system version |
Wifi - MAC Address (Network Adapters) | Wifi MAC |
Ethernet - MAC Address (Network Adapters) | Ethernet MAC |
Capacity (Hard Disks) | Total storage space |
Mobile devices:
AssetExplorer Cloud Fields | MS Intune Fields |
Name | Name |
IMEI | IMEI |
Serial Number | Serial number |
Discovered Serial Number | Serial number |
Product Manufacturer | Manufacturer |
Product | Model |
Ethernet - MAC Address (Network Adapters) | Ethernet MAC |
Wifi - MAC Address (Network Adapters) | Wifi MAC |
Platform (Operating System) | Operating system |
OS Name (Operating System) | Operating system |
OS Version (Operating System) | Operating system version |
Total Capacity | Total storage space |
Available Capacity | Free storage space |
5. Why do the workstations imported from Microsoft Intune also appear under Unaudited Workstations?
Unaudited workstations list the workstations that have an unsuccessful scan status or have been unreachable by the probe.
In Intune integration, the asset is not scanned, but the asset information is pulled from Microsoft Intune.
Since the workstations created through the integration haven't interacted with the probe, their scan status isn't set. As a result, they appear under Unaudited Workstations.
6. What are the possible causes of assets of a specific model or product not syncing?
To ensure that devices are synced properly, verify whether the product type is set correctly.
The product type of a device must be set to either Workstation or Server for Windows and macOS devices, and either Smartphone or Tablet for Android and iOS devices. The product type can be viewed under Setup > Customization > Asset Management > Product.
7. How are existing workstations identified and updated in the application instead of being created as new workstations?
When workstations are synced from Microsoft Intune, AssetExplorer Cloud will identify these workstations by their name and service tag.
If the synchronized workstation matches an existing workstation, the new data will replace the existing data.
If no workstation is found with the same properties, a new asset will be created with the newly synchronized workstation's name.
If multiple workstations have the same properties, one of the existing workstations will be updated randomly.
8. How are existing mobile devices identified and updated in the application instead of being created as new mobiles?
When a new mobile device comes into the application from Intune through the sync process, the system will search for the mobile devices with either the same serial number or the same IMEI.
When mobile devices are synced from Microsoft Intune, AssetExplorer Cloud will identify these devices by their serial number and IMEI.
If the synchronized mobile phone matches an existing device, the new data will replace the existing data.
If no mobile phone is found with the same properties a new asset will be created with the newly synchronized mobile phone's serial number and IMEI.
If multiple mobile phones have the same properties, the data of one existing phone will be modified at random.
9. The customer is unable to consent to the integration. How to resolve the following error?
When the global administrator blocks their organization's users from consenting to the apps in Azure, the following error message occurs.
Follow the below steps to check if the user consent has been blocked or not.
Log in to the Microsoft Azure portal using the Global Administrator credentials.
Go to Azure Active Directory > Enterprise applications > Consent and permissions.
Select User consent setting. If the Do not allow user consent radio button is enabled under the User consent for applications, the organization users are not allowed to consent to the apps.